Re: [Samba] Windows 7 + Samba 3.5.6 = abject misery...

[Stev e Holdoway]

I've found a howto to enable local admin via recovery/regedit, and have 
now enabled it.


I can leave and re-join the domain with no problem at all, BUT STILL 
CAN'T LOG IN, even using the same account that I used to leave/join the 
domain.


Hair long gone ):

Steve
On 21/05/13 15:06, Dewayne Geraghty wrote:

Oh dear!  You're in a really bad place.

The PC can't join the domain.  Therefore you can't use domain credentials.  So 
the domain is out of the picture.  This has occurred
because the PC has changed its computer password and failed to notify the 
server within its normal limits.  So - forget the domain.


A local priv'ed account is your only option.  But without that, or a local 
Administrator password, you're really hosed.  Its meant
to be this way...

Windows is good at one thing, making it really difficult to "own" a machine 
when you don't have credentials.  But not the data.

If you have critical information on the PC and it hasn't been encrypted, then 
you should be able to extract it by taking the disk
out and inserting into a UNIX machine, or perhaps another Win PC.

I vaguely recall some Linux software that broke into the security db, about 12 
years ago; but I expect MS has fixed that.

If I were at this point, I'd try to "repair" the machine and take the system 
back to a known local account.

And when this is all over, don't forget to create a priv'ed account on all PC's 
with a long complex password that is your ultimate
failsafe.  (I do this with all customers, and I don't recall the number of 
times that has been the ONLY solution.)

Good luck, let me know if you are able to repair the system, if you take that 
course.

Kind regards, Dewayne



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Windows 7 + Samba 3.5.6 = abject misery...

[Stev e Holdoway]

The problem is that I'm descending further into the mire. Can't log on 
to the PC as local administrator account is disabled, can't log on in 
safe mode without arriving at the domain login screen, can't seem to 
find anything on the server side to fix this.


Remembering well why I chose the dark side years ago, and losing the 
will to live...



Steve

On 20/05/13 19:22, Dewayne Geraghty wrote:

Steve, Linda's on the money.

We experience this problem when staff are absent for as little as a week, could 
just be a timing problem.  Though if your PC's and
server has been continuously up, then your PC's may have dropped the location 
of where the server is.  If that is the case, then you
might need to examine either: how your pdc advertises itself, or where you've 
told the PC's to find the WINS server.

Typically an administrator accesses the PC and tells it to rejoin the domain.  
A simple leave and rejoin does the trick.

Regards, Dewayne.


-Original Message-
From: samba-boun...@lists.samba.org
[mailto:samba-boun...@lists.samba.org] On Behalf Of Linda Walsh
Sent: Monday, 20 May 2013 11:29 AM
To: Chris Rowson; Samba mailing list
Subject: Re: [Samba] Windows 7 + Samba 3.5.6 = abject misery...





Chris Rowson wrote:

On 19 May 2013 23:13, "Steve Holdoway"

 wrote:
   

Can anyone help with this? I set it all up a few months

ago, the samba

side being standard upgrades via debian - configured as a

PDC, and the

windows 7 clients being clean installs, with the standard
lanmanworkstation regedits done.

They've been working fine since then, but have now started failing,
instead raising the error message

  'The trust relationship between this work station and the primary
domain has failed'
 

I had this problem alot until I told my windows computer  to disable
machine account
password changes.   I think it changes them about every 30
days or maybe
less -- but
it would change it's password and the server wouldn't be informed, so
the shared-secret
between the two of them was no longer decipherable.

To be honest, it doesn't sound like the BEST way, or the most
SECURE way
to fix
the problem, BUT, given my windows machine is on a closed
internal net,
practicality trumps imaginary security problems


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba